⚠️ Security warning for MakerWorld / 3D printing community
I’ve found several recent model uploads containing malware disguised as a “3D File Preparation Tool”.
The downloads typically contain:
• ZIP inside another ZIP
• a .blend file
• an executable called 3D File Preparation Tool.exe
• an AutoHotkey script
• instructions claiming it converts models
There are no STL or 3MF files included.
Inspection of the script shows it extracts a hidden payload from the .blend file, runs PowerShell with execution policy bypass, launches a bundled Blender executable with auto-exec enabled, and then drops another file disguised as a converted model.
In short: it’s very likely malware targeting 3D printing users.
If you see downloads like this:
❌ Do NOT run the EXE
❌ Do NOT run the tool
❌ Delete the files
Only download models that include normal formats like STL or 3MF.
I’ve reported this to MakerWorld, but please spread the word so people don’t accidentally run these files.
Is makerworldxa safe site to download files from? I'm nervous about downloading from Strange sites.
Videos
Nach Printables hat es jetzt Makerworld erwischt: es tauchen wohl vermehrt "Modelle" auf, die vorgeben, irgend eine Artt von Umwandlungstool zu sein und eine .blend Datei für Blender, eine Exe und ein Aurohotkey Script enthalten (warum auch immer ausgerechnet Aurohotkey). Das Ausführen der .exe öffnet dann Blender und tut so, als würde es irgendwas konvertieren, in Wahrheit lädt aber ein Script, das seltsame Daten von irgendwo besorgt und am Admin-Dialog vorbei ausführt.
Deswegen die Warnung: führt nichts aus, was von Makerworld kommt. Wenn in einem Download nicht ausschließlich stl, 3mf und vielleicht noch eine ReadMe sind, sondern Skripte und ausführbare Dateien: sofort Finger weg und melden!
Link to original post: https://mastodon.social/@3dprinty/111282007082869900
⚠️ Security warning for MakerWorld / 3D printing community
I’ve found several recent model uploads containing malware disguised as a “3D File Preparation Tool”.
The downloads typically contain:
• ZIP inside another ZIP
• a .blend file
• an executable called 3D File Preparation Tool.exe
• an AutoHotkey script
• instructions claiming it converts models
There are no STL or 3MF files included.
Inspection of the script shows it extracts a hidden payload from the .blend file, runs PowerShell with execution policy bypass, launches a bundled Blender executable with auto-exec enabled, and then drops another file disguised as a converted model.
In short: it’s very likely malware targeting 3D printing users.
If you see downloads like this:
❌ Do NOT run the EXE
❌ Do NOT run the tool
❌ Delete the files
Only download models that include normal formats like STL or 3MF.
I’ve reported this to MakerWorld, but please spread the word so people don’t accidentally run these files.
I've designed this magnetic fidget toy. I know others exist, but I made this from scratch.
It prints reliably and quickly.
I have not ever released any models for download - I have only ever sold my physical resin models.
Is it worth putting on makerworld? Are there any things I should consider?
I made a simple model a year ago, it was simple but very functional and nothing really existed in that way and shape. I thought it was a nice idea and since Makerworld provided some protection and commercial license (explicitly when you upload a model) I thought why not. Got some thousand downloads in 1 year. All of a sudden I get messaged by a friend which also is an author on the platform, saying that my model had been copied entirely. And it really was, literally the same model with 1 miniscule change (1 sloped surface). And it instantly got almost a thousand downloads. Contacted makerworld 3 times, they told me they don't see any problem with it. Contacted the author, told me he did basically reverse engineer my model. Also told me "I've also been copied" and that's how it works on Makerworld.
I don't really need the points but didn't Bambu just release the exclusive model initiative to protect novel ideas on Makerworld? Isn't this the whole point of the new approach?
Honestly we don't really feel like uploading novel ideas anymore, if this is what happens afterwards. Actually this just seems like I would benefit from doing the same as he did to get points, buy filament and then use my novel ideas on other platforms.
Has any of you encountered the same problem? Do you feel protected as authors?
EDIT:
Thank you all for answering. I guess you’re right, I’ve been naive on this argument probably. I don’t really want to endanger neither his nor my profile, also don’t really care about specifics, so I won’t disclose the models. Just wanted to know your opinion and approach. I guess as some of you suggested I’ll keep the good ideas out of the platform and play this game to get the points. Still sad to see honestly.
I have been uploading quite a few designs and gotten generally 5 star reviews. What grinds my gears is that some people leave 2-3 star reviews just because they have no idea how to use their machines or wont calibrate their filaments. Latest one was a design of a simple hook that would be printed on its side. I printed mine fine without a brim because I have dialled in my filament settings (nozzle temp, speed, bed temp etc) and regularly clean my plate and someone left a 2 star review just because their print lifted up from the bed and looked like a pile of turd. In another design, someone complained that the brim was too hard to remove. The profile was for normal PLA and this hero goes and prints it in PLA-CF. Well no wonder it's not working as intended if you use a different filament for the profile that it wasn't designed for :D I get that Bambus are straight out of the box machines but some people don't seem to want to do any other work besides hit the print button. Do you think that it is the designer's responsibility to tell how to do everything? I think that it's not because everyone's machine behaves a little differently not to mention the brand of filament.
Venting: done.
I mean I gotta start by saying that I honestly dislike how Bambulab is treating the open source community. All their products only exist because of it, yet they try to destroy it. That being said, makerworld is just a „pain in my buttholes“ (please say this in your best Borat voice) to use. And the issue is, they incentivice the creators so much, that often times its the only place you can get the models. Just downloading a model is so finicky, it sucks. And anyone who thinks that „oh the other platforms should just pay the creators more“, please try to think about where the money is coming from. This is not sustainable. They just get a ton of money as interest free loans from their government. Sooner or later this will be a subscription. Thank you for listening to my Ted Talk.
Makerworld exclusive program Is it safe to step in? I have read some comments on Reddit from people that have lost a lot of points due to to violations
Ik have 26 models online is it a good option to enter the exclusive program?
I dont have 2d or re designs
This is my makerworld page https://makerworld.com/en/@hunnik
A bit of a wasted post, but I am wondering if there is a little part of you that dies everytime I go to maker world site?
I am not one of the Bambu-haters, but seems maybe I am and I didnt know it? I also dislike the site design, or thats just a bias I have without thinking about it.
Anyhow, not trying to troll of stir the pot either, just thought Id share.